PDA

View Full Version : winitr32.exe



drb1
03-09-2004, 09:00 AM
winitr32.exe.

Any body know anything about this guy, not google, not symantec, not microsoft. seems to be naughty.

Spacemannz
03-09-2004, 09:13 AM
Where is it on the hard drive??

And is it under msconfig under startup? And what version of Windows
are you using?? If XP, its not part of XP 1 or 2. It's not on this PC.

Rob99
03-09-2004, 09:24 AM
couldnt find anything either, maybe check the spelling

Spacemannz
03-09-2004, 05:34 PM
It might be wininit32.exe?

Which belongs to this

http://securityresponse.symantec.com/avcenter/venc/data/w32.xabot.worm.html

This is a worm/backdoor trojan.

or wininit.exe?

which is

http://service1.symantec.com/sarc/sarc.nsf/html/pf/w32.hllw.bymer.html

drb1
03-09-2004, 06:50 PM
> It might be wininit32.exe?
>
> Which belongs to this
>
> http://securityresponse.symantec.com/avcenter/venc/dat
> /w32.xabot.worm.html
>
> This is a worm/backdoor trojan.
>
> or wininit.exe?
>
> which is
>
> http://service1.symantec.com/sarc/sarc.nsf/html/pf/w32
> hllw.bymer.html
>

Yes, very close, I was there B4 I came here, the spelling is (winitr32.exe).

I have seen Wuamgrd (?spelling) remanifest itself as Muamgrd.

It's probably the same scenario.

I got a blue screen slow start, (winitr32.exe) was flicking on and off in tsk/mnger. Halted the process and got a complete boot.

Removed file from sys32. on reboot somethig was looking for it.

Next reboot seems to be gone.

just about time for an image replacment.

This was really a curiosity/inf post.

Thank you.

Spacemannz
03-09-2004, 06:52 PM
No prob :) HTH ciao

drb1
03-09-2004, 06:54 PM
I forgot it also gets picked up in the firewall tring to acess the net with that spelling.